Frank Knobbe wrote:
What he has done is not say "Here's a bug that I can exploit". He has
said "This IOS is capable of exploitation beyond current belief". And it
will be for the foreseeable future.
Precisely. And Lynn pointed out that Cisco routers use general purpose
CPUs -- therefore Cisco's own engineers chose purposefully to build a
vulnerable device.
Cisco is responsible for this entire mess. Had they engineered a secure
product around a CPU that was not general purpose, none of this would be
happening now.
No company that intentionally engineers a computing device around a
general purpose programmable CPU should have the ability to press
charges against security researchers who disclose security flaws in
those devices.
Cisco is wrong to conclude that they can engineer a defective product
and then allow the criminal prosecution of a person who simply asks the
pointed question "Why did Cisco do this? It renders their product
permanently defective, and here's the proof."
Somebody needs to explain this clearly to the FBI.
Cisco should be criminally prosecuted for telling lies to their
customers and for abuse of process.
Regards,
Jason Coombs
[EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
